github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/prometheus-adapter/templates/certmanager.yaml (about)

     1  {{- if .Values.certManager.enabled -}}
     2  ---
     3  # Create a selfsigned Issuer, in order to create a root CA certificate for
     4  # signing webhook serving certificates
     5  apiVersion: cert-manager.io/v1
     6  kind: Issuer
     7  metadata:
     8    name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer
     9    namespace: {{ include "k8s-prometheus-adapter.namespace" . }}
    10    {{- if .Values.customAnnotations }}
    11    annotations:
    12    {{- toYaml .Values.customAnnotations | nindent 4 }}
    13    {{- end }}
    14    labels:
    15      {{- include "k8s-prometheus-adapter.labels" . | indent 4 }}
    16  spec:
    17    selfSigned: {}
    18  ---
    19  # Generate a CA Certificate used to sign certificates for the webhook
    20  apiVersion: cert-manager.io/v1
    21  kind: Certificate
    22  metadata:
    23    name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert
    24    namespace: {{ include "k8s-prometheus-adapter.namespace" . }}
    25    {{- if .Values.customAnnotations }}
    26    annotations:
    27    {{- toYaml .Values.customAnnotations | nindent 4 }}
    28    {{- end }}
    29    labels:
    30      {{- include "k8s-prometheus-adapter.labels" . | indent 4 }}
    31  spec:
    32    secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert
    33    duration: {{ .Values.certManager.caCertDuration }}
    34    issuerRef:
    35      name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer
    36    commonName: "ca.webhook.prometheus-adapter"
    37    isCA: true
    38  ---
    39  # Create an Issuer that uses the above generated CA certificate to issue certs
    40  apiVersion: cert-manager.io/v1
    41  kind: Issuer
    42  metadata:
    43    name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer
    44    namespace: {{ include "k8s-prometheus-adapter.namespace" . }}
    45    {{- if .Values.customAnnotations }}
    46    annotations:
    47    {{- toYaml .Values.customAnnotations | nindent 4 }}
    48    {{- end }}
    49    labels:
    50      {{- include "k8s-prometheus-adapter.labels" . | indent 4 }}
    51  spec:
    52    ca:
    53      secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert
    54  ---
    55  # Finally, generate a serving certificate for the apiservices to use
    56  apiVersion: cert-manager.io/v1
    57  kind: Certificate
    58  metadata:
    59    name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert
    60    namespace: {{ include "k8s-prometheus-adapter.namespace" . }}
    61    {{- if .Values.customAnnotations }}
    62    annotations:
    63    {{- toYaml .Values.customAnnotations | nindent 4 }}
    64    {{- end }}
    65    labels:
    66      {{- include "k8s-prometheus-adapter.labels" . | indent 4 }}
    67  spec:
    68    secretName: {{ template "k8s-prometheus-adapter.fullname" . }}
    69    duration: {{ .Values.certManager.certDuration }}
    70    issuerRef:
    71      name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer
    72    dnsNames:
    73    - {{ template "k8s-prometheus-adapter.fullname" . }}
    74    - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }}
    75    - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }}.svc
    76  {{- end -}}